
Topic: I entered the police station as a suspect. When I left the officer loved Bitcoin (Read 12913 times)

legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
In the latter case--for example, if the payee cannot legally accept the funds--there needs to be a way to either ensure the transfer does not take place, or to reliably and provably return the funds to the actual payer (which may not be the same as the originating address); otherwise the payee is left with more Bitcoins under their control than they can legitimately account for, which is sure to cause problems in the event of an audit.

The answer in this case is to turn the funds over to the government, if you cannot find a way to return them.

I am thinking of trying to convince Canada's Receiver General to post a public Bitcoin address. One sticking point I foresee is that he who controls the private key could steal the funds. However, I worked out how joint Bitcoin accounts can work as well (but have not implemented it in code yet).
hero member
Activity: 980
Merit: 500
"Bitcoin. Because the government says it's neat."

Stance of an individual worker should never be associated with the company he works in.
member
Activity: 112
Merit: 10
Looking to start various enterprises
This is beautiful, however I feel that if the greatest benefit he sees is no credit card fraud then it's a bit beside the point. That's not its greatest feature at all!
legendary
Activity: 1204
Merit: 1002
Gresham's Lawyer
For instance, I'm going to tell you right now that there is an unspent transaction on the blockchain that can be spent with the private key 0000000000000000000000000000000000000000000000000000000000000001 - I just sent you money, and you can't refuse it!

Even better, I just took that money (which was at 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH) and moved it to 3MaB7QVq3k4pQx3BhsvEADgzQonLSBwMdj, which is a P2SH address that can be redeemed by anybody using the script OP_TRUE. So I just sent everybody in the universe money, and they can't refuse it! :)

The existence of Bitcoin may change the way people think about how money is owned (since money can be jointly owned in interesting ways with multisig or even more exotic scripts), and it might take a while for law/courts/society to adapt. Interesting to see it slowly happen bit by bit, in ways like this story tells.

In the case of politicians' requirements to not accept "dirty money", it may be that it is not considered theirs until it is put to use, or that it would be a lesser offense.

Perhaps in a similar way to that of the misdemeanor crime of "joy-riding" becomes "grand theft" when you switch the license plates or otherwise attempt to change the identity of the vehicle making it less identifiable as belonging to its rightful owner.
sr. member
Activity: 252
Merit: 250
I think you have to verify the identity of the users of your exchange or you can have lots of law issues
legendary
Activity: 1106
Merit: 1004
This is why we're doing the payment protocol work...
Otherwise what, a dns system for Bitcoin?

Not exactly, it's more like a certificate-like protocol, similar to SSL, something that would allow strong authentication of addresses. This is an essential infrastructure brick if you want to have a decent level of security. If you don't understand why, please learn about it before opening your loud mouth.
hero member
Activity: 756
Merit: 522
I was called in by the police today. Someone is creating ads for iPhones online and gives potential buyers the account information for Bitcoin Nordic. I then send Bitcoins to the iPhone "seller" without knowing I'm taking part in a scam and that he will never send the iPhone.

I've heard of other Bitcoin sellers experiencing this sort of scam, and I've received stolen money from phished bank accounts earlier and had two accounts closed, but this was my first time with this kind of trick.

The police suspected me because the fiat trail ends on Bitcoin Nordic's bank account. But I explained Bitcoin and I explained my business and they now consider me a witness instead of a suspect.

The police officer told me he spends a lot of time dealing with cases of credit card chargeback fraud. After I told him that kind of scam is impossible to do with Bitcoin, he told me several times that Bitcoin sounded really neat.

"Bitcoin. Because the government says it's neat."

Cool story.

This is why we're doing the payment protocol work - the eventual end goal is to phase out the use of (end user visible) addresses, so most payments go to human-meaningful identities like amazon.com instead of 1AbCd.... - in combination with a second factor it solves the identity confusion attack by ensuring you always know who you're paying.

I think this is actually a very stupid idea. Let amazon get a vanity address the normal way if that actually makes any difference (it doesn't). Otherwise what, a dns system for Bitcoin? Get out. Literally get out. If you think Bitcoin should be changed into something less to be easier for Joe Blow you don't belong anywhere near it, please leave now. The only acceptable solution is for everything to change to accommodate Bitcoin, and that everything includes "clueless customers". Nothing less and nothing else.
sr. member
Activity: 570
Merit: 250
this is what I call success story :D

Splendid! The power of fact with abundant details cannot be resisted. 8)
hero member
Activity: 868
Merit: 1000
interestingly, some banks will block transactions with 'bitcoin' in the reference field.

the method of verifying a customer account by depositing a small amount to their account is something several e-wallet sites already implement.
hero member
Activity: 812
Merit: 1000
no, "BitcoinNordic" is vague

"for buying bitcoins" is explicit

Seriously?
Sending money to a company whose sole purpose is to sell Bitcoins is already "proof beyond reasonable doubts" that you're buying bitcoins.

very serious.

a complete lay person can read "for buying bitcoins" and go "okay this transaction must be for buying bitcoins".

on the other hand, anyone seeing "bitcoinnordic" might need to go to google and/or bitcoinnordic's website and find out what they're all about.

i for one had never heard of them until this thread.
legendary
Activity: 1106
Merit: 1004
no, "BitcoinNordic" is vague

"for buying bitcoins" is explicit

Seriously?
Sending money to a company whose sole purpose is to sell Bitcoins is already "proof beyond reasonable doubts" that you're buying bitcoins.
hero member
Activity: 812
Merit: 1000
I've implemented a new policy where we require bank transfers to include the message "For buying Bitcoins".

Smart.

one problem with this is that real customers who are actually buying bitcoins, might not want such an explicit record of that fact in their bank statement.

They're already sending money to BitcoinNordic account anyway. Unless you're talking about owners of joint accounts who don't want the other owner to know where the money is going to (fishy), for everything else that matters it's already "written" in their statement what they used that money for.

no, "BitcoinNordic" is vague

"for buying bitcoins" is explicit
legendary
Activity: 1106
Merit: 1004
The police officer sounds like a cool guy, but you have NOT solved the problem.

You need to start verifying the identities of depositors and people withdrawing money from your exchange like Mt Gox and other operations do. Not only is this your protection against being an exit from the fiat system for criminals, but the law may sometimes require it too (depending on thresholds, etc).

Whilst the police officer was obviously nice to you, don't take it personally if they come back and charge you with something. You clearly know there's abuse of your service and you will be expected to stamp it out. ID verification is the way to do that, so get on it.

Come on. I haven't read the entire topic yet, but are you seriously implying that his service has any amount of guilt in this? That OP has something to "solve"?

People should simply learn not to send money to unknown types on the internet without escrow. Either you verify the other party's reputation or you use a reputable third party, especially for meaningful amounts.

Financial privacy should not be thrown away simply because some are irresponsible with their money.

That said, I don't doubt at all that he might be required by law not to respect people's privacy, as you say. If that's the case he doesn't have much choice anyway.

I've implemented a new policy where we require bank transfers to include the message "For buying Bitcoins".

Smart.

one problem with this is that real customers who are actually buying bitcoins, might not want such an explicit record of that fact in their bank statement.

They're already sending money to BitcoinNordic account anyway. Unless you're talking about owners of joint accounts who don't want the other owner to know where the money is going to (fishy), for everything else that matters it's already "written" in their statement what they used that money for.
legendary
Activity: 1120
Merit: 1152
I agree that the courts need to understand the issue, but involuntarily receiving the key to an account created by someone else is not really the same as being unable to prevent funds from being deposited into your own account. For one thing, importing and using a private key from an external source is a deliberate act, but users do not generally get to pick and choose which transactions to use as inputs among their existing accounts; all unspent outputs which the client has a key for are candidates when sending funds.

I do agree that is a problem with the software. But it's an easy fix: just maintain a list of transactions that you received knowingly and only consider those transactions as candidate tx inputs. Any other transaction is simply ignored and never spent, nor does it have to be shown in your internal accounts. If you use a unique address per payment, which you should, this is easy to do. If you really want you can return unwanted transactions as well by simply resending them to one of the input addresses, or, if you want, ask for a request signed by one of those addresses.

I think the more fundamental issue is that Bitcoin makes it publicly known that you can spend the funds. A "counter-sign to accept" protocol still has that problem, because you could simply publish the first part of that counter-sign proposal somewhere, and again, just like the blockchain, the recipient would be able to access the funds. The advantage of course is that it is less obvious, the real issue legally speaking. What you'd need to really lock things down is define your transactions to have an additional two steps: receiver signs an intent to accept, then sender signs the intent. Now transactions are forced to be interactive. In any case, Bitcoin can't and never will be able to support this mode of usage because it will always support non-interactive transactions.
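The "list of transactions that you received knowingly" idea from the post above, as an added example that is not part of the original thread: a wallet that only treats an output as spendable when it pays a one-time invoice address with the agreed amount, and quarantines everything else. The class and field names, the addresses and the transaction ids are hypothetical, constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Outpoint = Tuple[str, int]  # (txid, output index)


@dataclass(frozen=True)
class Utxo:
    txid: str
    vout: int
    address: str
    value: int  # satoshis

    @property
    def outpoint(self) -> Outpoint:
        return (self.txid, self.vout)


@dataclass
class Invoice:
    address: str   # fresh address issued for this one payment
    expected: int  # amount agreed with the payer, in satoshis
    paid_by: Optional[Outpoint] = None


class AllowlistWallet:
    """Only outputs matched to an open invoice ever become coin-selection candidates."""

    def __init__(self) -> None:
        self.invoices: Dict[str, Invoice] = {}
        self.accepted: Dict[Outpoint, Utxo] = {}
        self.quarantined: Dict[Outpoint, Utxo] = {}

    def new_invoice(self, address: str, expected: int) -> None:
        if address in self.invoices:
            raise ValueError("address already issued; use one address per payment")
        self.invoices[address] = Invoice(address, expected)

    def observe(self, utxo: Utxo) -> str:
        """Classify an output seen on chain that one of our keys could spend."""
        if utxo.outpoint in self.accepted or utxo.outpoint in self.quarantined:
            return "duplicate"
        inv = self.invoices.get(utxo.address)
        # Accept only the first payment of the exact agreed amount to an issued address.
        if inv is not None and inv.paid_by is None and utxo.value == inv.expected:
            inv.paid_by = utxo.outpoint
            self.accepted[utxo.outpoint] = utxo
            return "accepted"
        # Address reuse, wrong amounts and never-issued addresses are kept aside:
        # never spent, never counted in the books.
        self.quarantined[utxo.outpoint] = utxo
        return "quarantined"

    def balance(self) -> int:
        return sum(u.value for u in self.accepted.values())

    def select_inputs(self, amount: int) -> List[Utxo]:
        """Largest-first selection over accepted outputs only."""
        chosen, total = [], 0
        for u in sorted(self.accepted.values(), key=lambda u: u.value, reverse=True):
            chosen.append(u)
            total += u.value
            if total >= amount:
                return chosen
        raise ValueError("insufficient accepted funds")


def demo():
    # Constructed sample data: two invoices and four outputs seen on chain.
    w = AllowlistWallet()
    w.new_invoice("addr-invoice-1", 50_000)
    w.new_invoice("addr-invoice-2", 20_000)
    results = [
        w.observe(Utxo("tx-a", 0, "addr-invoice-1", 50_000)),     # expected payment
        w.observe(Utxo("tx-b", 1, "addr-invoice-1", 1_000_000)),  # reuse of a known address
        w.observe(Utxo("tx-c", 0, "addr-invoice-2", 19_000)),     # wrong amount
        w.observe(Utxo("tx-d", 0, "addr-never-issued", 5_000)),   # no invoice at all
    ]
    return w, results


if __name__ == "__main__":
    wallet, outcome = demo()
    print(outcome, wallet.balance())
```

The quarantined outputs remain spendable by the key holder on chain; the allowlist only guarantees the wallet never mixes them into its own spends or balances.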
full member
Activity: 152
Merit: 100
For instance, I'm going to tell you right now that there is an unspent transaction on the blockchain that can be spent with the private key 0000000000000000000000000000000000000000000000000000000000000001 - I just sent you money, and you can't refuse it!

Even better, I just took that money (which was at 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH) and moved it to 3MaB7QVq3k4pQx3BhsvEADgzQonLSBwMdj, which is a P2SH address that can be redeemed by anybody using the script OP_TRUE. So I just sent everybody in the universe money, and they can't refuse it! :)

The problem with both of these examples is that there is nothing tying the funds to my organization. In the first case, even if the key was only shared between the two of us and hadn't been posted on a public forum, ownership is still joint--we both have the key. In the second case, everyone has access. I presumably have a list of accounts which belong to the organization, and neither of these is on it. They are indistinguishable from any other anonymous Bitcoin account. The issue is money suddenly and inexplicably showing up in an account known to be associated with the organization, and which the organization needs to account for. Unwanted access to accounts created by others is a separate matter.

If you ran a business, and someone made a sizable anonymous deposit into your business's general fund, don't you think that would result in a lot of extra paperwork? The lack of payee endorsement when funds are transferred between Bitcoin addresses makes that easy to pull off. And what about the idea of "tainted" coins? I don't approve of it myself, but others do, and there is currently no way to prevent "tainted" coins from being mixed in with your "clean" ones. You could easily end up party to an investigation just because someone decided to lay a false trail by transferring funds to your addresses.
pc
sr. member
Activity: 253
Merit: 250
For instance, I'm going to tell you right now that there is an unspent transaction on the blockchain that can be spent with the private key 0000000000000000000000000000000000000000000000000000000000000001 - I just sent you money, and you can't refuse it!

Even better, I just took that money (which was at 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH) and moved it to 3MaB7QVq3k4pQx3BhsvEADgzQonLSBwMdj, which is a P2SH address that can be redeemed by anybody using the script OP_TRUE. So I just sent everybody in the universe money, and they can't refuse it! :)

The existence of Bitcoin may change the way people think about how money is owned (since money can be jointly owned in interesting ways with multisig or even more exotic scripts), and it might take a while for law/courts/society to adapt. Interesting to see it slowly happen bit by bit, in ways like this story tells.
full member
Activity: 152
Merit: 100
P2SH already works that way. The sender of the funds makes an incomplete transaction which says "these inputs can now be spent if someone provides a valid script with this hash" If you want to receive those funds and send them somewhere else you take that incomplete transaction (called the first transaction on Bitcoin) and complete it with a second transaction to send the funds where you want.

No, that is incorrect. The funds are transferred as soon as the transaction is signed by the payer and included in the block chain. At that point the first transaction is "complete" in that the payee controls the funds, not the payer. The payee can choose to ignore the transaction, of course, given a suitably modified client, but so far as Bitcoin is concerned, those Bitcoins belong to the payee whether the payee wants them or not.

In the latter case--for example, if the payee cannot legally accept the funds--there needs to be a way to either ensure the transfer does not take place, or to reliably and provably return the funds to the actual payer (which may not be the same as the originating address); otherwise the payee is left with more Bitcoins under their control than they can legitimately account for, which is sure to cause problems in the event of an audit.

We're better off if courts understand this - it's not much different than me calling you up and leaving a message on your voicemail with the secret account numbers of a swiss bank account.

I agree that the courts need to understand the issue, but involuntarily receiving the key to an account created by someone else is not really the same as being unable to prevent funds from being deposited into your own account. For one thing, importing and using a private key from an external source is a deliberate act, but users do not generally get to pick and choose which transactions to use as inputs among their existing accounts; all unspent outputs which the client has a key for are candidates when sending funds.
sr. member
Activity: 304
Merit: 250
I've implemented a new policy where we require bank transfers to include the message "For buying Bitcoins".

Smart.

While I do not think talking to police is usually a very good idea; in this case, you may want to even go and talk with the same police officer, let him know of the change you implemented and ask if he has any other suggestions that would make your system less prone to fraud.

Then he will know you are attempting to act in good faith and you will likely get a helpful tip or two since it sounds like he investigates a lot of credit card fraud and has likely seen all types of schemes.
I e-mailed him to inform him about our policy update along with general Bitcoin information.
legendary
Activity: 1232
Merit: 1001
I've implemented a new policy where we require bank transfers to include the message "For buying Bitcoins".

Smart.

one problem with this is that real customers who are actually buying bitcoins, might not want such an explicit record of that fact in their bank statement.


I concur,

why not show the amount as pending when you receive it and then make a transaction of a few random cents back to your customer with your website as message like 4K7ut3 or something. The exact amount of cents and the message are required to get the BTC.

Scammers would have a hard time explaining to their victims why they need that info. And no BTC history on the Bank account.
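The return-transfer check proposed in the post above, as an added example that is not part of the original thread: the exchange holds a deposit as pending, sends back a random number of cents with a short code in the transfer message, and releases the bitcoins only when the customer reports both. The class name, code alphabet, expiry and attempt limit are assumptions made for the illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed code alphabet: no 0/O or 1/I, so codes survive being read off a bank statement.
CODE_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


@dataclass
class Challenge:
    cents: int         # amount of the return transfer, 1..99
    code: str          # message text of the return transfer
    expires_at: float
    attempts: int = 0


class MicroDepositVerifier:
    """Holds each incoming bank deposit as pending until the account owner proves
    they can read their own statement (hypothetical helper, not a real API)."""

    def __init__(self, ttl_seconds=7 * 24 * 3600, max_attempts=3, now=time.time):
        self._ttl = ttl_seconds
        self._max = max_attempts
        self._now = now
        self._pending = {}

    def open(self, deposit_id):
        """Create the challenge; the caller wires `cents` back with `code` as message."""
        if deposit_id in self._pending:
            raise ValueError("deposit already pending")
        cents = secrets.randbelow(99) + 1
        code = "".join(secrets.choice(CODE_ALPHABET) for _ in range(6))
        self._pending[deposit_id] = Challenge(cents, code, self._now() + self._ttl)
        return cents, code

    def confirm(self, deposit_id, cents, code):
        """Return 'released', 'mismatch', 'locked', 'expired' or 'unknown'."""
        ch = self._pending.get(deposit_id)
        if ch is None:
            return "unknown"
        if self._now() > ch.expires_at:
            del self._pending[deposit_id]
            return "expired"
        if ch.attempts >= self._max:
            return "locked"  # guessing is capped; needs manual review
        supplied = f"{cents}:{code.strip().upper()}".encode()
        expected = f"{ch.cents}:{ch.code}".encode()
        # Constant-time comparison of amount and code together.
        if hmac.compare_digest(supplied, expected):
            del self._pending[deposit_id]  # one release per deposit
            return "released"
        ch.attempts += 1
        return "mismatch"


if __name__ == "__main__":
    v = MicroDepositVerifier()
    amount, text = v.open("deposit-0001")  # constructed deposit id
    print(v.confirm("deposit-0001", amount, text))
```

With 99 amounts and 32^6 codes, three guesses give an outsider a negligible chance, while the deposit stays unreleased until someone with access to the paying bank account answers.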
sr. member
Activity: 304
Merit: 250
I've implemented a new policy where we require bank transfers to include the message "For buying Bitcoins".

... and will return/refuse to accept incoming payments that will not include this message?

how long does it take for your bank to process this metadata on bank transfer? ('my' bank credits the account on day 1 but full transaction info appears only on day 2)
and how easy is it for you to return a payment?
Yes, refuse incoming payments from new customers without the message.

The text message is available to us at the same time as the transfer is visible.
legendary
Activity: 1120
Merit: 1152
While that is a nice touch from a UI / accessibility point of view, it's not quite what I meant. The problem is in the underlying protocol: transactions are considered valid when signed only by the payer. Under the proposed system, there is still nothing to prevent someone from uploading a transaction on their own without involving the merchant. The cases I had in mind are those like the political campaign which was accepting Bitcoin contributions a while back; they had specific rules regarding which kinds of contributions they could accept, but no way to block transactions which failed to meet those rules, and no reliable way to know whether it was safe to simply return the funds to the originating address--which may belong to a wallet or payment service or exchange rather than the contributor.

What I had in mind was essentially P2SH with two scripts, one to send from an address and another to endorse receipts. To receive funds you would take the incomplete transaction and add the address's receive script, a signature for the amount received, the memo field, and (optionally) the originating address(es), and then broadcast the updated transaction. For multiple payees, partial transactions could be merged until all the signatures are present, at which point the completed transaction can enter the blockchain. The private key for receipts could be different from the key for payments, so "cold storage" is not affected.

P2SH already works that way. The sender of the funds makes an incomplete transaction which says "these inputs can now be spent if someone provides a valid script with this hash" If you want to receive those funds and send them somewhere else you take that incomplete transaction (called the first transaction on Bitcoin) and complete it with a second transaction to send the funds where you want.

I mean, seriously though you're arguing semantics. Ultimately Bitcoin allows you to put money in electronic lockboxes that can be opened by anyone with the correct key. Sure it looks like you're "sending" money on blockchain.info because it shows things in terms of account balances, but an equally valid way of looking at it is "I happen to have the correct key(s) to open these lockboxes" You can come up with window dressing to hide that fact, but fundamentally that is how Bitcoin works. We're better off if courts understand this - it's not much different than me calling you up and leaving a message on your voicemail with the secret account numbers of a swiss bank account.

For instance, I'm going to tell you right now that there is an unspent transaction on the blockchain that can be spent with the private key 0000000000000000000000000000000000000000000000000000000000000001 - I just sent you money, and you can't refuse it!
hero member
Activity: 812
Merit: 1000
I've implemented a new policy where we require bank transfers to include the message "For buying Bitcoins".

Smart.

one problem with this is that real customers who are actually buying bitcoins, might not want such an explicit record of that fact in their bank statement.
legendary
Activity: 1031
Merit: 1000
I've implemented a new policy where we require bank transfers to include the message "For buying Bitcoins".

Smart.

While I do not think talking to police is usually a very good idea; in this case, you may want to even go and talk with the same police officer, let him know of the change you implemented and ask if he has any other suggestions that would make your system less prone to fraud.

Then he will know you are attempting to act in good faith and you will likely get a helpful tip or two since it sounds like he investigates a lot of credit card fraud and has likely seen all types of schemes.
full member
Activity: 152
Merit: 100
Quote
The cases I had in mind are those like the political campaign which was accepting Bitcoin contributions a while back; they had specific rules regarding which kinds of contributions they could accept, but no way to block transactions which failed to meet those rules

They did have such a way, only generate an address once necessary checks have been done. Because they weren't taking Bitcoin very seriously they just threw a static address onto a web page without thinking through the consequences. It's not much harder to do it right though, and these days companies like BitPay make it easy.

That isn't a complete solution, because addresses are not one-time-use. Once an address becomes publicly known (for example, by being mentioned in a transaction in the block chain), anyone can send to it. Individual contribution addresses would have helped, but it's still only a voluntary protocol; someone inclined to cause mischief could still send them funds which they cannot accept, since they have no data on the source, and which they cannot reliably return.

I think it'd be good for both types of transactions to co-exist (I do not understand your plan enough to know whether that is the case).  I would not want to have to approve each transaction in which I was the receiver - I want the money there and ready to be spent next time I am at my computer.

The idea was that this would be a superset of the existing transaction protocol. The receive script would be optional (or a standard accept-all script could be used) such that those who prefer the current style could have addresses which accept all incoming transfers.

However, even for those who want to sign off on receipts, there is no reason why you couldn't do that (for single-payee transactions) and still spend the money right away. As long as the incoming transfer only lacks your endorsement, you should be able to broadcast it and the outgoing transaction spending the funds at the same time. OpenTransactions requires payees to sign off on all funds received before the account balance is updated, and it really doesn't add very much overhead. It just presents a list of outstanding balance transfers to your account, and you go through the list and check off those you approve of.

Also, how would this affect sendmany transactions?  Every receiver has to sign off on it prior to acceptance into the blockchain?

Yes, the scripts for each output would have to be satisfied before the transaction would be considered valid, just as each input script must be satisfied now. Ideally, partial transactions would be broadcast through the network to collect signatures, and those with different subsets of the required signatures (input and output) could be merged until the transaction is eventually completed and accepted into the blockchain.
hero member
Activity: 504
Merit: 504
PGP OTC WOT: EB7FCE3D
I've implemented a new policy where we require bank transfers to include the message "For buying Bitcoins".

... and will return/refuse to accept incoming payments that will not include this message?

how long does it take for your bank to process this metadata on bank transfer? ('my' bank credits the account on day 1 but full transaction info appears only on day 2)
and how easy is it for you to return a payment?
legendary
Activity: 1221
Merit: 1025
e-ducat.fr
The police officer sounds like a cool guy, but you have NOT solved the problem.

You need to start verifying the identities of depositors and people withdrawing money from your exchange like Mt Gox and other operations do. Not only is this your protection against being an exit from the fiat system for criminals, but the law may sometimes require it too (depending on thresholds, etc).

Whilst the police officer was obviously nice to you, don't take it personally if they come back and charge you with something. You clearly know there's abuse of your service and you will be expected to stamp it out. ID verification is the way to do that, so get on it.
This.

Simply because Bitcoin is cash online, the scammers aren't even SEEN performing their art. People are generally naive about payment systems and it all boils down to: do not deal in cash (bitcoin) with an online merchant you don't know, typically an individual that has not bothered to register with any administration.

For example, on instawire.org, in light of these recent reports, we will soon add a warning like:

When copying a bitcoin address in your wire information, please make sure the bitcoin address belongs to YOUR bitcoin wallet.
Do NOT copy a bitcoin address supplied by an online seller (doing so would create an opportunity for the seller to defraud you).
legendary
Activity: 1400
Merit: 1005
If you upload a transaction to the recipient directly they can verify the message you provided makes sense, and only then broadcast the transactions and take the money.

While that is a nice touch from a UI / accessibility point of view, it's not quite what I meant. The problem is in the underlying protocol: transactions are considered valid when signed only by the payer. Under the proposed system, there is still nothing to prevent someone from uploading a transaction on their own without involving the merchant. The cases I had in mind are those like the political campaign which was accepting Bitcoin contributions a while back; they had specific rules regarding which kinds of contributions they could accept, but no way to block transactions which failed to meet those rules, and no reliable way to know whether it was safe to simply return the funds to the originating address--which may belong to a wallet or payment service or exchange rather than the contributor.

What I had in mind was essentially P2SH with two scripts, one to send from an address and another to endorse receipts. To receive funds you would take the incomplete transaction and add the address's receive script, a signature for the amount received, the memo field, and (optionally) the originating address(es), and then broadcast the updated transaction. For multiple payees, partial transactions could be merged until all the signatures are present, at which point the completed transaction can enter the blockchain. The private key for receipts could be different from the key for payments, so "cold storage" is not affected.
I think it'd be good for both types of transactions to co-exist (I do not understand your plan enough to know whether that is the case).  I would not want to have to approve each transaction in which I was the receiver - I want the money there and ready to be spent next time I am at my computer.  Most individuals probably share the same viewpoint.  From a business perspective, it makes sense to accept transactions, from a personal standpoint, maybe not so much.

Also, how would this affect sendmany transactions?  Every receiver has to sign off on it prior to acceptance into the blockchain?
legendary
Activity: 1526
Merit: 1134
While that is a nice touch from a UI / accessibility point of view, it's not quite what I meant. The problem is in the underlying protocol: transactions are considered valid when signed only by the payer. Under the proposed system, there is still nothing to prevent someone from uploading a transaction on their own without involving the merchant.

That's true, but remember we're talking about the case of somebody who was/is being scammed. Uploading directly to the merchant has multiple advantages for them and no disadvantages, so why not make it the default. As long as they know roughly what to expect and the UI is clear, it can help raise the bar for scamming.

Quote
The cases I had in mind are those like the political campaign which was accepting Bitcoin contributions a while back; they had specific rules regarding which kinds of contributions they could accept, but no way to block transactions which failed to meet those rules

They did have such a way, only generate an address once necessary checks have been done. Because they weren't taking Bitcoin very seriously they just threw a static address onto a web page without thinking through the consequences. It's not much harder to do it right though, and these days companies like BitPay make it easy.
full member
Activity: 152
Merit: 100
If you upload a transaction to the recipient directly they can verify the message you provided makes sense, and only then broadcast the transactions and take the money.

While that is a nice touch from a UI / accessibility point of view, it's not quite what I meant. The problem is in the underlying protocol: transactions are considered valid when signed only by the payer. Under the proposed system, there is still nothing to prevent someone from uploading a transaction on their own without involving the merchant. The cases I had in mind are those like the political campaign which was accepting Bitcoin contributions a while back; they had specific rules regarding which kinds of contributions they could accept, but no way to block transactions which failed to meet those rules, and no reliable way to know whether it was safe to simply return the funds to the originating address--which may belong to a wallet or payment service or exchange rather than the contributor.

What I had in mind was essentially P2SH with two scripts, one to send from an address and another to endorse receipts. To receive funds you would take the incomplete transaction and add the address's receive script, a signature for the amount received, the memo field, and (optionally) the originating address(es), and then broadcast the updated transaction. For multiple payees, partial transactions could be merged until all the signatures are present, at which point the completed transaction can enter the blockchain. The private key for receipts could be different from the key for payments, so "cold storage" is not affected.
BCB
vip
Activity: 1078
Merit: 1002
BCJ
Unfortunately like the three-card monte players you see in the summer time in any major metropolitan area, there will always be easy victims.

Not necessarily, people can also learn from other people's mistakes.

Of course, but there are always the uninitiated who come along and make the same mistake.  That's why the game has persisted for so long.  And if you want further proof just idle in #bitcoin-otc and you can watch it happen on a daily basis.
legendary
Activity: 1078
Merit: 1003
I've implemented a new policy where we require bank transfers to include the message "For buying Bitcoins".

Smart.
sr. member
Activity: 304
Merit: 250
I've implemented a new policy where we require bank transfers to include the message "For buying Bitcoins".
legendary
Activity: 1400
Merit: 1005
It most certainly requires a huge change of mindset, and this could be the greatest challenge Bitcoin will face with regards to mass adoption. 

I call BS on this. People generally already know how to handle cash, there's no reason they couldn't quickly adopt all those same principles to handling bitcoins.
I disagree.  How many more instances of people sending Bitcoin to scammers do we need to see before people "quickly adopt" to it?

Handling cash is a different animal.  You get to see the person you are doing business with.  In almost all cases with Bitcoin, you do not.  It is much harder to be scammed using cash, unless you're sending it in the mail (a bad idea to start with) or paying drug dealers in a back alley (another bad idea).  But the purpose of Bitcoin is, effectively, to send cash in the mail!  There is no commonly-held precedent of understanding that can apply to this.
legendary
Activity: 1078
Merit: 1003
Unfortunately like the three-card monte players you see in the summer time in any major metropolitan area, there will always be easy victims.

Not necessarily, people can also learn from other people's mistakes.
legendary
Activity: 1078
Merit: 1003
It most certainly requires a huge change of mindset, and this could be the greatest challenge Bitcoin will face with regards to mass adoption. 

I call BS on this. People generally already know how to handle cash, there's no reason they couldn't quickly adopt all those same principles to handling bitcoins.
legendary
Activity: 1526
Merit: 1134
Good points Mike.  I wasn't trying to imply it is solved.  I still think Bitcoins is years (maybe a decade) from mainstream acceptance and the issues you outline are just some of the hurdles.  I am bullish though because Bitcoin CAN be improved or extended.  With traditional payment mechanisms since the cost of fraud is never felt by the intermediary there is no real reason to spend money on improving anything.  I mean bank wires (at least in the US) are roughly the same as they were in the 1940s.  Bitcoin can be extended to prevent MIM based attacks.  The only question is how do we monetize that development.  I am all ears.

Yes, I quite agree. The existing system is stagnant. Bitcoin's greatest strength is anyone can innovate on top of it.

For funding of network improvements I believe assurance contracts are the way to go. We can crowdfund improvements from developers with good reputations.

Quote
On IDs.  I don't know how useful they are. ID are pretty easy to fake.  I could get a photoshopped ID that says Mike Hearn for a hundred bucks and would be willing to bet it would be accepted by MtGox as legit.

Quite possibly. The fact that governments don't issue citizens with asymmetric keypairs is an astonishing lack of imagination. Well, probably a few enlightened countries do, but it's not normal.

I think in future we may see companies, perhaps exchanges, issue personal certificates that contain identity information along with some information on how that identity was proven. Note that this doesn't prevent you from creating anonymous pseudonyms. The underlying assumption behind presenting ID documents is scarcity. You could just as easily spend 100 BTC to miner fees (over a long period of consecutive blocks to avoid you mining the fees back yourself) and then use that as proof that you aren't bulk creating pseudonyms. The "identity" then has some value and can be used to build reputation but isn't linkable to anyone in the real world.

For most users though, who don't want to make a big financial sacrifice, their personal liability backed by the justice system will be a more attractive way to gain trust. Having thorough verification of identity followed by the issuance of a personal cert stating who it belongs to and the level of verification that was performed would be a valuable service.

Quote
It sounds like what is really needed here is something OpenTransactions uses: a memo field ... The other major missing piece, which would probably be harder to implement, is the ability to refuse payment.

These needs have already been anticipated. The payment protocol I've been designing with Gavin and Pieter will provide these features. See here:

https://bitcointalksearch.org/topic/invoicespaymentsreceipts-proposal-discussion-128442
https://gist.github.com/4120476

The current protocol allows merchants to send a message to payers at the same time as communicating addresses and proof of identity, and payers can provide a message when they upload transactions to the merchants. There's still a lot of design work to do, to ensure these facilities all get used correctly. If you upload a transaction to the recipient directly they can verify the message you provided makes sense, and only then broadcast the transactions and take the money.

The payment protocol also lays the foundation for building dispute mediation into the system.

BCB
vip
Activity: 1078
Merit: 1002
BCJ
This is a great discussion and needs to be continued.

Obviously bitcoin is not a panacea for counter party risk.

Investment schemes and financial fraud are probably as old as (if not older than) prostitution and will certainly continue along with the "bitcoin revolution".


@hazek I do agree that the nanny state is a HUGE part of the problem.  In the US I say it started with the invention of t-ball.

Unfortunately scammers prey on our GREED and our innate TRUST.  Most individuals' first choice is to trust another person to say what they are going to do and most of the time that actually happens.  Once we get scammed or defrauded most individuals learn from that and are on the lookout for it to be repeated.  Unfortunately like the three-card monte players you see in the summer time in any major metropolitan area, there will always be easy victims.

@mike I would love to read more about the work you are doing on the payment systems.  Is there a link?


legendary
Activity: 1400
Merit: 1005
Mike has some good points but there is one fundamental difference with Bitcoin.  It can't be reversed, it can't be frozen, it can't be suspended.

Yes. That's great for the merchant. Less great for the gullible victim.
This point is far too often missed in the Bitcoin world.  Everyone touts irreversibility as such a great thing, when in reality, it just shifts the risk of payment from the merchant to the customer.  As Mike mentioned, that's an improvement over the old system, but it's still not perfect. 

It most certainly requires a huge change of mindset, and this could be the greatest challenge Bitcoin will face with regards to mass adoption.  Customers are used to being able to order things online, and if they don't receive them, they can call up their CC company and cancel the order.  We need to make sure Bitcoin users are aware that sending Bitcoin to someone unknown is roughly equivalent to sending a package full of cash through the mail - you're not getting it back, so you better be sure whoever you are sending it to is trustworthy.
full member
Activity: 152
Merit: 100
It sounds like what is really needed here is something OpenTransactions uses: a memo field. Human-readable names instead of addresses would help, but they're not foolproof; someone has to verify the owner's identity, which introduces centralization and (sometimes unwarranted) trust, and there are numerous issues with alternate and confusingly similar forms of names (amazon.com vs. arnazon.com vs. amazon-bitcoins.com). A freeform memo field in each transaction would allow the payer to indicate what the payment is for, greatly reducing the scope for these sorts of MitM attacks. The hypothetical diamond dealer would know better than to ship an order for diamonds when the memo field of the payment states that it was meant to cover an order for an iPhone.

(The other major missing piece, which would probably be harder to implement, is the ability to refuse payment. Transactions should require the recipients' signatures in addition to the senders' before being accepted into the block chain, similar to the requirement to endorse a check before it can be deposited. The current system where anyone can deposit funds, from any source, into anyone's account without their approval could get a lot of people into fairly serious trouble, accounting-wise.)
legendary
Activity: 1078
Merit: 1003
Mike has some good points but there is one fundamental difference with Bitcoin.  It can't be reversed, it can't be frozen, it can't be suspended.

Yes. That's great for the merchant. Less great for the gullible victim.


Gullible being the operative word.

Someone tell me what mechanism is in place so people don't get scammed in the street using cash? Oh that's right, THERE ISN'T ONE, besides common sense. The problem, Mike, is that the issue of fraud can't be solved by making it impossible because you can't make it impossible, not even if you track everything and everyone. The only way to solve it is for people to LEARN FROM THEIR MISTAKES AND STOP REPEATING THEM.

Oh someone told you to send money to some place and expect an iPhone and you didn't check their credibility or use an escrow? Well too bad, lesson learned.


But naturally the nanny state tries to use this problem as an excuse to further oppress people under the pretense of providing tools(the use of violence) that make fraud impossible.  Roll Eyes
member
Activity: 69
Merit: 20
I think it could be useful if you add a "SCAM WARNING" message to your site, so this type of scam can be reduced.
sr. member
Activity: 476
Merit: 250
Tangible Cryptography LLC
Good points Mike.  I wasn't trying to imply it is solved.  I still think Bitcoins is years (maybe a decade) from mainstream acceptance and the issues you outline are just some of the hurdles.  I am bullish though because Bitcoin CAN be improved or extended.  With traditional payment mechanisms since the cost of fraud is never felt by the intermediary there is no real reason to spend money on improving anything.  I mean bank wires (at least in the US) are roughly the same as they were in the 1940s.  Bitcoin can be extended to prevent MIM based attacks.  The only question is how do we monetize that development.  I am all ears.

On IDs.  I don't know how useful they are. ID are pretty easy to fake.  I could get a photoshopped ID that says Mike Hearn for a hundred bucks and would be willing to bet it would be accepted by MtGox as legit.   Note that isn't a slam on MtGox they have a nearly impossible task of trying to "verify" IDs submitted for hundreds of countries and other political subdivisions.  Worse they aren't verifying the actual ID in person they are verifying a copy of the ID (which is much easier to fake). Once again a monopoly (govt issuers) don't really care and are unlikely to ever improve them. 

On Switzerland.  I didn't know that but it does illustrate the point that since banking isn't uniform the idea of a "one exchange to rule them all" is probably not going to happen.  A US based exchange (in theory) can get very good at authenticating US customers,  a EU based one very good at dealing with EU based customers.  I think currency exchange will be more diverse in the future.  Those that attempt to be everything to everyone will likely fail.
legendary
Activity: 1148
Merit: 1001
Radix-The Decentralized Finance Protocol
"Bitcoin. Because the government says it's neat."

Is this supposed to be good or bad?
legendary
Activity: 1526
Merit: 1134
Mike has some good points but there is one fundamental difference with Bitcoin.  It can't be reversed, it can't be frozen, it can't be suspended.

Yes. That's great for the merchant. Less great for the gullible victim.

I think we need to recognize that irreversibility cuts both ways. It's a huge benefit for sellers, and it's a downside for buyers. Satoshi recognized this from the start, which is why the introduction in his paper talks about using multi-signature transactions to protect buyers. Unfortunately nobody has ever stepped up to create such a system.

Now, bias towards the seller rather than the buyer is still better than the reverse because sellers are often brands with reputations they want to protect, they aren't going anywhere so they aren't going to rip you off. Buyers tend to have no reputation and have much less to lose from trying to rip the seller off. But it's still not ideal.

As an example of how this can happen entirely within the Bitcoin system, imagine you are selling diamonds through the mail and not doing ID verification of buyers. Now the iPhone scammer goes on craigslist and says "I'm selling an expensive laptop. Send 100 coins to address 1XyZ". The victim comes along and sends the bitcoins to the address, not realizing that the address is owned by the diamond shop and on receipt of the funds, the owner of the shop puts the diamonds in the mail and sends them off.

By the time the fraud is uncovered, the fraudster is long gone, as are the diamonds and the coins.

If instead of an address people are using payment protocol messages and verified identities/dispute mediated transactions/both, you have a solution.

Quote
I get a wire, I do a call back verification and find out "WTF? You wired me money for an iPod cause a guy on craigslist told you to?".

Yes, requiring new customers to put a phone number into the bank wire so you can call them back is another possible solution. It does not apply in the case of a compromised bank account though - ID verification of coin recipients applies to both situations which is why Mt Gox and others do it.

Quote
Another thing which "could" be done is change the way bank wires are originated.  Customer enters the routing and account number and the bank website (because banks are sharing this info) displays the business name, contact information

Banks vary around the world. In Switzerland many payments are made in exactly this way. You enter an account number to send money to and the business name/address is displayed.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Mike has some good points but there is one fundamental difference with Bitcoin.  It can't be reversed, it can't be frozen, it can't be suspended.

What makes this issue so much tougher to fight is merchants are held hostage to third parties (i.e. banks, payment processors, credit card issuers, and service providers) who don't provide adequate tools to prevent fraud.  When the merchant doesn't prevent fraud (with nonexistent tools) it becomes the merchant's fault.  Wow what a great system.

For example if I receive a bank wire the bank "could" provide me the phone number on the account.  Or for privacy reasons provide me a bank phone number and extension, which when I dial gets relayed to the account number on the account.    I get a wire, I do a call back verification and find out "WTF? You wired me money for an iPod cause a guy on craigslist told you to?".  I hit the (currently nonexistent) return button, indicate fraud, and the wire gets returned to customer with any fees PAID BY THE IDIOT CUSTOMER not the innocent merchant!

Another thing which "could" be done is change the way bank wires are originated.  Customer enters the routing and account number and the bank website (because banks are sharing this info) displays the business name, contact information, and a custom message from the business
Quote
SECURITY WARNING:  This deposit only account is used to fund irreversible currency purchases. If you have been told to wire funds for any other reasons IMMEDIATELY STOP.  You may be a victim of fraud.  Please visit https://companyname.com/fraud for more information.

[ ] I (account holders name) verify this is the person I am intending to send funds to.  I understand Bank Wires are irreversible.




Even better since accounts are just numbers and can be up to 30 digits long (ACH or IBAN) Banks could allow businesses to generate a single use address with a custom message (i.e. internal order number, account number, purpose of transaction, warnings, etc).  Funds sent to the single use account number get swept to the business main checking account.  Once used once any funds sent there get bounced back as undelivered.

None of this is science fiction. It could be done today, hell it could have been done 20 years ago.  However banks have no reason to improve security.  They don't lose anything.  That is the problem with monopolies.  From the banks point of view security is currently "good enough".  Real security is expensive and the banks are paying for the costs of inadequate security.   It is just like credit cards (although to a lesser extent) the current model removes all responsibility from the customer AND banks and places it on the merchant (who is the least equipped to prevent fraud).

How does Bitcoin change that?  Well one being an open network it allows the development of the security tools banks never will.  The other aspect that changes is it makes the customer responsible for their own action.   Instead of merchants being given an impossible task to prevent all fraud (with incomplete information) and paying all the cost the responsibility is shared and real tools can be developed to protect both customers and merchants.
legendary
Activity: 1526
Merit: 1134
Come on. This isn't even a fiat vs bitcoin problem, it's just a fundamental problem with money systems. Anyone who thinks Bitcoin is immune to this kind of attack needs to think again.

How does this attack work? It confuses the victim into thinking they are paying one person for one thing, when they are actually paying someone else for something different. In this case, the "something different" is Bitcoins delivered to the attacker's address because (if you don't verify ID) that means the attacker can't be easily traced, but it could easily be many other types of good.

Bitcoin is not immune to this problem. In fact we are anticipating such attacks to become common in future, the mechanism being malware that waits until you make a payment and then swaps the addresses you see on screen for addresses owned by the virus writer. Even if you have a second factor auth system, you think you're paying the merchant, but the money actually goes somewhere else.

This is why we're doing the payment protocol work - the eventual end goal is to phase out the use of (end user visible) addresses, so most payments go to human-meaningful identities like amazon.com instead of 1AbCd.... - in combination with a second factor it solves the identity confusion attack by ensuring you always know who you're paying.

If you don't fix this, Bitcoin Nordic will get blacklisted by the banks again just like you did last time. You NEED to ensure that people depositing money understand what they are doing and who they are paying. But that is hard - hence the emphasis on being able to identify who the perpetrators are. Perhaps you should require the wire transfer description to contain "PURCHASE OF BITCOIN VIRTUAL CURRENCY. NOT FOR SALE OF GOODS" or something else that might tip users off to what's going on.
BCB
vip
Activity: 1078
Merit: 1002
BCJ
jonitas

The problem is FRAUD.

We all gripe about the ID and personal info required to use FIAT systems.

Bitcoin is all about anonymity and speed. 

The problem is where bitcoin and fiat meet.  So much so that bitcoin businesses are now requiring verification not unlike fiat systems.

However, when we can earn bitcoin, receive our paycheck in bitcoin, pay our rent and bills and taxes in bitcoin and no longer have a need for moving fiat into and out of the system this will all go away.

Unfortunately until that time comes bitcoin remains a scammer's paradise and bitcoin businesses will have to work very hard to combat this as the attacks become more sophisticated.

newbie
Activity: 57
Merit: 0
You need to start verifying the identities of depositors and people withdrawing money from your exchange like Mt Gox and other operations do. Not only is this your protection against being an exit from the fiat system for criminals, but the law may sometimes require it too (depending on thresholds, etc).

Why would you do that?! You're just selling a virtual product. We're not obliged in any way to verify where the money people use to pay comes from. Can you imagine a hairdresser asking for your ID because the money you pay with might be stolen?

What law would require you to do this? It's not like you're selling a financial product or service, since bitcoin isn't yet officially considered a currency, you're just selling an ordinary product like an e-book.
legendary
Activity: 1232
Merit: 1001
The police officer sounds like a cool guy, but you have NOT solved the problem.

You need to start verifying the identities of depositors and people withdrawing money from your exchange like Mt Gox and other operations do. Not only is this your protection against being an exit from the fiat system for criminals, but the law may sometimes require it too (depending on thresholds, etc).

Whilst the police officer was obviously nice to you, don't take it personally if they come back and charge you with something. You clearly know there's abuse of your service and you will be expected to stamp it out. ID verification is the way to do that, so get on it.
Months ago I started requiring ID of bank transfer depositors I suspect of being fraudulent. But even if I required this from everyone it wouldn't be a foolproof way to avoid this specific type of scam.

If the "seller" successfully convinces the buyer that he needs to provide identification documents to get his iPhone then we're still vulnerable. I agree it would very likely make the risk of this happening smaller.

Wouldn't the safe way just be to require everyone to have Bitcoin Nordic or something similar in the purpose (or however it is called in English) field of every transaction?

Everybody would wonder why he has to put Bitcoin Nordic in there for his iPhone.

And if you get transactions with the words Ebay in it this is clearly a warning sign.
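The checks proposed in this thread (a required reference phrase, goods words such as "Ebay" in the reference as a warning sign, and the attacker placing the order while someone else pays), written out as an added Python example that is not part of any post or of Bitcoin Nordic's code. The `Deposit` and `Order` types, the goods word list, the name-match rule and the sample data are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Phrase the exchange in the thread says it requires in the transfer message.
REQUIRED_PHRASE = "for buying bitcoins"
# Constructed word list: terms suggesting the payer believes they are buying goods.
GOODS_TERMS = ("iphone", "ipod", "laptop", "ebay", "ticket", "craigslist")


@dataclass
class Deposit:              # hypothetical record of an incoming bank transfer
    payer_name: str
    amount: float
    reference: str          # free-text purpose/description field


@dataclass
class Order:                # hypothetical open bitcoin purchase order
    order_id: str
    customer_name: str
    amount: float


def normalize(text):
    """Lower-case and collapse punctuation/whitespace so matching is robust."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def same_person(a, b):
    """Compare names ignoring case, punctuation and word order."""
    return sorted(normalize(a).split()) == sorted(normalize(b).split())


def screen_deposit(deposit, order):
    """Decide what to do with a deposit before any bitcoins are sent.

    Returns (decision, reasons) where decision is one of:
      'release' - all checks passed, coins may be sent
      'hold'    - contact the payer (call back) before doing anything
      'refund'  - the payer evidently thinks they are buying something else
    """
    reasons = []
    ref = normalize(deposit.reference)

    # Substring match, so "tickets" and "iphone5" are caught as well.
    goods = [term for term in GOODS_TERMS if term in ref]
    if goods:
        reasons.append("reference mentions goods: " + ", ".join(goods))
    if REQUIRED_PHRASE not in ref:
        reasons.append("required phrase missing from reference")
    # Assumption: the order must be paid from the customer's own account.
    # A third-party payer is the pattern described in the thread.
    if not same_person(deposit.payer_name, order.customer_name):
        reasons.append("payer name differs from order customer")
    if abs(deposit.amount - order.amount) >= 0.005:
        reasons.append("amount differs from order")

    if goods:
        return "refund", reasons    # strongest signal wins, even if phrase is present
    if reasons:
        return "hold", reasons
    return "release", reasons


if __name__ == "__main__":
    order = Order("BN-1001", "Anna Jensen", 1500.00)      # constructed sample data
    samples = [
        Deposit("JENSEN, ANNA", 1500.00, "For buying Bitcoins - BN-1001"),
        Deposit("Peter Holm", 1500.00, "iPhone 5 from ad"),
        Deposit("Peter Holm", 1500.00, "For buying Bitcoins"),
    ]
    for d in samples:
        print(d.payer_name, "->", screen_deposit(d, order))
```

The third sample is the case raised later in the thread: a victim coached into writing the required phrase passes the text check, so the payer-name mismatch is what puts the deposit on hold.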
sr. member
Activity: 304
Merit: 250
The police officer sounds like a cool guy, but you have NOT solved the problem.

You need to start verifying the identities of depositors and people withdrawing money from your exchange like Mt Gox and other operations do. Not only is this your protection against being an exit from the fiat system for criminals, but the law may sometimes require it too (depending on thresholds, etc).

Whilst the police officer was obviously nice to you, don't take it personally if they come back and charge you with something. You clearly know there's abuse of your service and you will be expected to stamp it out. ID verification is the way to do that, so get on it.
Months ago I started requiring ID of bank transfer depositors I suspect of being fraudulent. But even if I required this from everyone it wouldn't be a foolproof way to avoid this specific type of scam.

If the "seller" successfully convinces the buyer that he needs to provide identification documents to get his iPhone then we're still vulnerable. I agree it would very likely make the risk of this happening smaller.
sr. member
Activity: 504
Merit: 250
Good work fimp. If you, or anyone else in our part of the bitcoin world, don't get off as easily on another occasion, I will stand up for you with my real life identity and be a character witness if they are credible as you are of course.

So the scammer used Bitcoinnordic credentials but changed your business Bitcoin address for his own?

Maybe Bitcoin needs a server certification system to verify registered addresses as genuine for businesses. Browser integrated so there is a warning on the page if a seller's address is unknown? Phishing would still be possible though.
sr. member
Activity: 476
Merit: 250
Tangible Cryptography LLC
This man in the middle (MIM) attack seems to be quite common recently.

[snip description of MIM for brevity]

What are bitcoin businesses doing to combat this attack?

I thought the solution was simple.  Only deal with irreversible (or very hard to reverse) deposit methods.  I expect Dwolla to get caught up in a lot of this type of "indirect" fraud.  So far it seems to be mostly two bit scams.  Just wait until organized crime gets involved (as in millions or tens of millions in fraudulent transactions).
legendary
Activity: 1554
Merit: 1021
"Bitcoin. Because the government says it's neat."

"Bitcoin. Because a police officer says it's neat."

P.S.: You should ask him to join #bitcoin-police Smiley
legendary
Activity: 1526
Merit: 1134
The police officer sounds like a cool guy, but you have NOT solved the problem.

You need to start verifying the identities of depositors and people withdrawing money from your exchange like Mt Gox and other operations do. Not only is this your protection against being an exit from the fiat system for criminals, but the law may sometimes require it too (depending on thresholds, etc).

Whilst the police officer was obviously nice to you, don't take it personally if they come back and charge you with something. You clearly know there's abuse of your service and you will be expected to stamp it out. ID verification is the way to do that, so get on it.
BCB
vip
Activity: 1078
Merit: 1002
BCJ
Great Story but I think this begs a larger question.

This man in the middle (MIM) attack seems to be quite common recently.

An attacker finds an unsuspecting buyer of say iphones or Justin Bieber tickets.

The buyer unknowingly sends their fiat to an unsuspecting bitcoin seller.

The attacker has already created an order for bitcoin with the unsuspecting bitcoin seller.

Once the unsuspecting buyer sends the fiat to the bitcoin seller the bitcoins are sent to the attacker

and the buyer and the seller are left to figure out what has happened.

What are bitcoin businesses doing to combat this attack?

Thx.
newbie
Activity: 26
Merit: 0
this is what I call success story Cheesy
sr. member
Activity: 304
Merit: 250
The police officer told me he spends a lot of time dealing with cases of credit card chargeback fraud. After I told him that kind of scam is impossible to do with Bitcoin, he told me several times that Bitcoin sounded really neat.

Did he smile and nod a lot?
Not really. He was trying to get his head around Bitcoin.
hero member
Activity: 952
Merit: 1009
The police officer told me he spends a lot of time dealing with cases of credit card chargeback fraud. After I told him that kind of scam is impossible to do with Bitcoin, he told me several times that Bitcoin sounded really neat.

Did he smile and nod a lot?
Jan
legendary
Activity: 1043
Merit: 1002
legendary
Activity: 1078
Merit: 1003
"Bitcoin. Because the government says it's neat."

 Hahahahaha  Grin
member
Activity: 96
Merit: 10
Good approach to an otherwise sticky situation. Just confirms scammers are everywhere - so are opportunities to turn a negative into a positive. Good show!!
donator
Activity: 640
Merit: 500
sr. member
Activity: 304
Merit: 250
I was called in by the police today. Someone is creating ads for iPhones online and gives potential buyers the account information for Bitcoin Nordic. I then send Bitcoins to the iPhone "seller" without knowing I'm taking part in a scam and that he will never send the iPhone.

I've heard of other Bitcoin sellers experiencing this sort of scam, and I've received stolen money from phished bank accounts earlier and had two accounts closed, but this was my first time with this kind of trick.

The police suspected me because the fiat trail ends on Bitcoin Nordic's bank account. But I explained Bitcoin and I explained my business and they now consider me a witness instead of a suspect.

The police officer told me he spends a lot of time dealing with cases of credit card chargeback fraud. After I told him that kind of scam is impossible to do with Bitcoin, he told me several times that Bitcoin sounded really neat.

"Bitcoin. Because the government says it's neat."